Adobe Reader zero-day vulnerability in active exploitation
ID: 2779268d-a3d9-57cd-a8c3-d8dd54bef9b6
STIX ID: report--2779268d-a3d9-57cd-a8c3-d8dd54bef9b6
Feed Name: Sophos Blogs
On April 7, 2026, researchers disclosed an actively exploited Adobe Reader zero-day (in use since December 2025) that allows attackers to abuse privileged Acrobat APIs via malicious PDFs with obfuscated JavaScript, enabling data theft and potential remote code execution; Russian-language lures suggest targeting of the oil and gas sector. The report supplies IoCs (MD5/SHA1/SHA256 hashes for malicious PDFs, C2 domain and IP:ports, and an Adobe Synchronizer User-Agent), lists recommended mitigations (monitor for Adobe patch, scan/block PDF attachments, user training), and references multiple external reports.
